🔐 Overview of the Apple Zero-Day Vulnerabilities
In April 2025, Apple addressed two critical zero-day vulnerabilities actively exploited in targeted attacks:
- CVE-2025-31200: A memory corruption issue in the CoreAudio framework. Processing a maliciously crafted audio stream could allow attackers to execute arbitrary code on the device. This vulnerability was discovered by Apple and Google’s Threat Analysis Group.
- CVE-2025-31201: An arbitrary read and write vulnerability in the RPAC component. Attackers with read/write access could bypass Pointer Authentication, a security feature designed to prevent exploitation.
Apple released emergency patches for these vulnerabilities in iOS 18.4.1, iPadOS 18.4.1, macOS Sequoia 15.4.1, tvOS 18.4.1, and visionOS 2.4.1.
🛡️ Recommendations
- Update Devices: Ensure all Apple devices are updated to the latest versions mentioned above.
- Stay Informed: Monitor official Apple security advisories for any further updates or patches.
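An added example for the update recommendation above (not from Apple or the original page): a Python check of a device inventory against the fixed releases listed in this advisory. The inventory columns, host names and status labels are assumptions; devices on an older major release are flagged for manual review because the page lists no fixed build for them.

```python
import csv
import io

# Fixed releases exactly as named in the advisory above.
PATCHED = {"iOS": (18, 4, 1), "iPadOS": (18, 4, 1), "macOS": (15, 4, 1),
           "tvOS": (18, 4, 1), "visionOS": (2, 4, 1)}

# Constructed sample inventory export (hypothetical hosts and columns).
SAMPLE_INVENTORY = """hostname,platform,os_version
exec-iphone,iOS,18.4.1
lab-ipad,iPadOS,18.4
design-mbp,macOS,15.4.1
build-mini,macOS,14.7.5
lobby-tv,tvOS,18.3
kiosk-watch,watchOS,11.4
spare-phone,iOS,
"""

def parse_version(text):
    """Parse '18.4' into (18, 4, 0) so short versions compare correctly."""
    parts = [int(p) for p in text.strip().split(".")]
    if len(parts) > 3:
        raise ValueError("unexpected version format: " + text)
    return tuple(parts + [0] * (3 - len(parts)))

def assess(platform, version):
    """Classify one device against the advisory's fixed releases."""
    fixed = PATCHED.get(platform)
    if fixed is None:
        return "UNKNOWN_PLATFORM"   # platform not listed in the advisory
    try:
        current = parse_version(version)
    except ValueError:
        return "UNPARSEABLE"        # empty or malformed inventory field
    if current >= fixed:
        return "PATCHED"
    if current[0] < fixed[0]:
        # Assumption: no fixed build is listed for older major releases.
        return "REVIEW"
    return "BELOW_FIXED"

def audit(csv_text):
    """Return {hostname: status} for every device that is not PATCHED."""
    rows = csv.DictReader(io.StringIO(csv_text))
    results = {r["hostname"]: assess(r["platform"], r["os_version"]) for r in rows}
    return {host: s for host, s in results.items() if s != "PATCHED"}
```

Calling `audit(SAMPLE_INVENTORY)` returns only the devices that still need attention, keyed by host name.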
